Vulnerability Management Analyst
The Technician (Vulnerability Analyst) will work seamlessly with the ISSM and other IT Security staff to create a holistic and fully integrated IT Security organization for the overarching Program.
-Plan and execute vulnerability and compliance scans across the infrastructure.
-Analyze scan reports to determine technical validity and merit.
-Collaborate with infrastructure and application teams on security vulnerability remediation or patch management validation.
-Identify and recommend appropriate measures to manage and remediate vulnerabilities.
-Monitor and track security-related defects and resolutions.
-Triage requests for security scans from infrastructure and application teams.
-Assist in establishing and implementing a CDM capability with integrated security controls; enable continuous monitoring to proactively survey, monitor, and track security-related defects and the status of their resolutions.
-Employ automated or manual continuous monitoring techniques. Research GOTS or COTS automated continuous monitoring solutions.
-Develop vulnerability scanning rules.
-Develop scan results review and assessment procedures. Provide reports.
-Bachelor's Degree in a relevant major from an accredited college or university with 10+ years of continuous and progressive experience.
-In-depth technical experience with Tenable Nessus, SecurityCenter, HP WebInspect, and BigFix.
-Experience in threat and vulnerability management, and penetration testing.
-Experience with multiple programming and scripting languages (such as Java, Python, C++, .NET).
-Demonstrated experience with Linux, Windows, and Cisco.
-Knowledge of web application administration and management.
-Knowledge of OWASP Top 10.
-Knowledge of FedRAMP and FISMA compliance methodologies.
-Demonstrate knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers).
-Demonstrate an understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
-Experience developing and improving KPIs, metrics, and trending for vulnerability management functions.
-Understanding of how applications, networking, operating systems, and databases work.
-Familiar with industry standard security best practices and vulnerability management processes including compliance reporting.
-Working knowledge of FISMA controls with the ability to oversee traceability to the controls.
-Past experience working throughout a complete IT Security life-cycle preferred.
-Project task management skills desired.
-Experience supporting a complex System of Systems preferred.
-Experience in working as a compliance and security control planner and implementer.
-Ability to define and manage reporting and measurement systems for IT Security.
-Ability to understand CIS and DISA STIG benchmarks.
-Certifications: Certified Ethical Hacker (CEH), Security+, Network+, Tenable Certified Nessus User.
-Tools/Technology Experience: Broad knowledge of security tools for both cloud and Data Center, including commercial and open source.
Keywords: Greenbelt MD Jobs, Vulnerability Management Analyst, Nessus, SecurityCenter, HP WebInspect, BigFix, Vulnerability Management, Penetration Testing, Scripting, Linux, Windows, Cisco, Maryland Recruiters, Information Technology Jobs, IT Jobs, Maryland Recruiting
No Corp-To-Corp Or Third Party Recruiters; W-2 Direct Hire Only.